TheTechGuide Forum
General Category => Tech Clinic => Topic started by: take_warning410 on January 01, 2007, 10:46:31 PM
-
I'm getting a lot of pop-ups. Sometimes the computer won't load all the way, or all of my icons and windows will disappear.
Logfile of HijackThis v1.99.1
Scan saved at 7:32:14 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=D3123
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=D3123
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lonxighk.dll",setvm
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O4 - HKCU\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Torrent Finder] "C:\Program Files\Torrent Finder\Torrent-Finder.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-
Can I see a few logs from you please, then we'll clean up this problem
1. Do this first, supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Afterwards,
2. Can you navigate to Hijackthis.exe>>RIGHT CLICK on it and rename it scanner.exe
Then run a fresh Scan and save logfile with scanner.exe and post the fresh log
3. This will show me other entries
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe) and save it to desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from Combofix
NOTE: It may take more than one reply to post all that info, but please try and post it all
-
After I clicked on Save List, the box closed. It's not giving me an option where to save it to.
-
Try this
Don't worry about the uninstall list from Hijackthis for now
But go ahead and try and run Combofix and post the log from it
Also, since it's been some time since you last posted, post a fresh HijackThis log
-
Logfile of HijackThis v1.99.1
Scan saved at 11:00:56 AM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=D3123
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=D3123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll
O2 - BHO: (no name) - {5D3D3E35-2DFE-4D59-B6B2-24B09969F3D1} - C:\WINDOWS\system32\vtstt.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchEnhancer\nsa296.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\msbhmfow.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lonxighk.dll",setvm
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O4 - HKCU\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Torrent Finder] "C:\Program Files\Torrent Finder\Torrent-Finder.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: vtstt - C:\WINDOWS\system32\vtstt.dll
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-
Owner - 07-01-09 11:03:53.98 Service Pack 2
ComboFix 06.11.27 - Running from: "D:\"
((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 ))))))))))))))))))))))))))))))))))
2007-01-08 18:11 81,684 --a------ C:\WINDOWS\system32\dvkenghk.dll
2007-01-08 16:54 81,684 --a------ C:\WINDOWS\system32\chheengb.dll
2007-01-05 12:33 81,684 --a------ C:\WINDOWS\system32\iovbdqgx.dll
2007-01-04 20:32 870,954 ---hs---- C:\WINDOWS\system32\ttstv.ini2
2007-01-04 12:24 81,684 --a------ C:\WINDOWS\system32\vuvdkeaq.dll
2007-01-01 19:22 <DIR> d-------- C:\HJT
2006-12-30 19:50 <DIR> d-------- C:\Program Files\_ArcadeDownloadFolder
2006-12-29 19:10 <DIR> d-------- C:\My Backup -- 06-12-29 0810PM
2006-12-29 10:40 81,684 --a------ C:\WINDOWS\system32\akjkuenm.dll
2006-12-28 10:05 44,060 --a------ C:\WINDOWS\system32\msbhmfow.dll
2006-12-28 10:04 81,684 --a------ C:\WINDOWS\system32\fcjbighr.dll
2006-12-27 17:25 44,060 --a------ C:\WINDOWS\system32\jqbargpy.dll
2006-12-27 16:21 44,060 --a------ C:\WINDOWS\system32\auwnjdkh.dll
2006-12-27 15:15 44,060 --a------ C:\WINDOWS\system32\lxfdvhnu.dll
2006-12-27 14:48 44,060 --a------ C:\WINDOWS\system32\pleqjput.dll
2006-12-25 06:41 61,440 --a------ C:\WINDOWS\system32\brrotate.dll
2006-12-22 22:45 81,684 --a------ C:\WINDOWS\system32\bkxdihgx.dll
2006-12-19 16:37 81,684 --a------ C:\WINDOWS\system32\nmypsyfy.dll
2006-12-15 18:13 <DIR> d-------- C:\Program Files\Blubster
2006-12-14 16:27 118,804 --a------ C:\WINDOWS\system32\lonxighk.dll
2006-12-14 15:02 118,804 --a------ C:\WINDOWS\system32\ntfhowex.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-09 10:59 382 --a------ C:\Documents and Settings\Owner\Application Data\internaldb1942.dat
2007-01-09 10:21 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-09 10:13 69632 --a------ C:\Documents and Settings\Owner\Application Data\internaldb4827.dat
2007-01-09 10:13 151 --a------ C:\Documents and Settings\Owner\Application Data\internaldb9912.dat
2007-01-09 10:13 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb715.dat
2007-01-09 10:08 850096 ---hs---- C:\WINDOWS\system32\ttstv.bak2
2007-01-09 07:05 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-01-08 08:30 -------- d-------- C:\Program Files\BitComet
2007-01-05 03:17 1594382 ---hs---- C:\WINDOWS\system32\ttstv.bak1
2007-01-03 08:36 -------- d-------- C:\Program Files\LimeWire
2006-12-31 18:52 -------- d-------- C:\Program Files\Google
2006-12-31 15:54 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-31 15:54 -------- d-------- C:\Program Files\Adobe
2006-12-30 19:50 -------- d-------- C:\Program Files\_ArcadeDownloadFolder
2006-12-28 10:05 39751 --a------ C:\WINDOWS\system32\brrot-uninst.exe
2006-12-27 16:02 -------- d-------- C:\Program Files\VSAdd-in
2006-12-27 14:59 -------- d-------- C:\Program Files\Soulseek
2006-12-15 14:18 -------- d-------- C:\Program Files\Internet Explorer
2006-12-15 10:18 -------- d-------- C:\Program Files\Common Files\System
2006-12-15 10:13 -------- d-------- C:\Program Files\Outlook Express
2006-12-07 01:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-28 09:54 -------- d-------- C:\Program Files\Pure Networks
2006-11-28 09:54 -------- d-------- C:\Program Files\Common Files
2006-11-28 09:21 -------- d-------- C:\Program Files\BitTorrent
2006-11-28 09:17 -------- d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2006-11-28 09:11 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-28 09:10 -------- d-------- C:\Documents and Settings\Owner\Application Data\AOL
2006-11-26 20:31 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-11-25 19:01 -------- d-------- C:\Documents and Settings\Owner\Application Data\Creative
2006-11-24 08:14 -------- d-------- C:\Program Files\Creative
2006-11-24 08:12 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-24 08:05 -------- d-------- C:\Program Files\Windows Media Player
2006-11-22 18:03 -------- d-------- C:\Documents and Settings\Owner\Application Data\vlc
2006-11-20 20:37 -------- d-------- C:\Program Files\Common Files\Vbox
2006-11-20 20:23 -------- d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2006-11-20 20:05 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeAUM
2006-11-19 19:37 -------- d-------- C:\Program Files\VideoLAN
2006-11-18 13:26 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-17 18:34 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb5436.dat
2006-11-17 15:34 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-11-15 15:54 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb4179.dat
2006-11-15 15:54 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb2391.dat
2006-11-15 15:54 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb1869.dat
2006-11-12 00:52 692276 ---hs---- C:\WINDOWS\system32\vtstt.dll
2006-11-12 00:46 40973 ---hs---- C:\WINDOWS\system32\vtuspop.dll
2006-11-12 00:32 9216 --a------ C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
2006-11-12 00:32 49 --a------ C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2006-11-12 00:32 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2006-11-12 00:31 97455 --a------ C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe
2006-11-12 00:31 622613 --a------ C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
2006-11-12 00:31 365132 --a------ C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe
2006-11-12 00:31 23 --a------ C:\Documents and Settings\Owner\Application Data\inifile41.ini
2006-11-12 00:03 -------- d-------- C:\Program Files\Corel
2006-11-09 18:45 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 20:09 0 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 21:26 284672 --a------ C:\WINDOWS\rapidui.exe
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Mercora"="\"C:\\Program Files\\Mercora\\MercoraClient.exe\" -min"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Torrent Finder"="\"C:\\Program Files\\Torrent Finder\\Torrent-Finder.exe\""
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"Power2GoExpress"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.2480\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
55,41,52,44,2e,45,58,45,00
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
69,6e,64,5f,58,50,2e,65,78,65,00
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AGEIA PhysX SysTray"="\"C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe\""
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\lonxighk.dll\",setvm"
"adstart"="C:\\WINDOWS\\System32\\Rundll32.exe \"C:\\WINDOWS\\system32\\brrotate.dll\" DllVerify"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,04,01,00,00,86,00,00,00,40,02,00,00,00,03,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,04,01,00,00,86,00,00,00,40,02,00,00,00,03,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,91,04,a8,9a,83,7c,40,9a,80,7c,ff,ff,ff,ff,36,9a,\
80,7c,36,9a,80,7c
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://x.myspace.com/images/LogoDotcom.gif"
"SubscribedURL"="http://x.myspace.com/images/LogoDotcom.gif"
"FriendlyName"=""
"Flags"=dword:00001001
"Position"=hex:2c,00,00,00,70,01,00,00,de,00,00,00,cd,00,00,00,2b,00,00,00,8e,\
13,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e1,01,00,00,84,00,00,00,cd,00,00,00,2b,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,70,01,00,00,de,00,00,00,cd,00,00,00,2b,00,\
00,00,01,00,00,40
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstt
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job
Completion time: 07-01-09 11:08:20.46
C:\ComboFix.txt ... 07-01-09 11:08
-
Can you do the following please
Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4)
to your desktop.
We'll need it later
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll
O2 - BHO: (no name) - {5D3D3E35-2DFE-4D59-B6B2-24B09969F3D1} - C:\WINDOWS\system32\vtstt.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchEnhancer\nsa296.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\msbhmfow.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lonxighk.dll",setvm
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O20 - Winlogon Notify: vtstt - C:\WINDOWS\system32\vtstt.dll
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Vundofix.exe
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."
Back in Windows
Can you post the following
1. Post a fresh hijackthis log
2. Post the report from Vundofix>>C:\Vundofix.txt
3. Could you also
Download and unzip to your desktop InstalledPrograms.zip (http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip)
Double click on InstalledPrograms.vbs
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
ALLOW this script to run if prompted by your AntiVirus
Could you also let me know why Combofix was running from your D:\ drive
-
Logfile of HijackThis v1.99.1
Scan saved at 10:27:14 AM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=D3123
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=D3123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {97D364E2-614A-4160-8127-CDE889EDA420} - C:\WINDOWS\system32\vtstt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKCU\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Torrent Finder] "C:\Program Files\Torrent Finder\Torrent-Finder.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
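An added example, not part of the thread and not HijackThis code: a Python check that compares the entries the helper asked to be fixed with this follow-up scan, matching on the module file name instead of the CLSID. The log lines are copied from the thread (the follow-up is an excerpt); the function names and the status labels "gone", "orphaned" and "present" are assumptions made for the example.

```python
"""Check which helper-flagged HijackThis entries still show up in a later scan."""
import re
from collections import defaultdict, namedtuple

# Entries the helper asked to be ticked and fixed (copied from the thread).
FLAGGED = r"""
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll
O2 - BHO: (no name) - {5D3D3E35-2DFE-4D59-B6B2-24B09969F3D1} - C:\WINDOWS\system32\vtstt.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchEnhancer\nsa296.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\msbhmfow.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lonxighk.dll",setvm
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O20 - Winlogon Notify: vtstt - C:\WINDOWS\system32\vtstt.dll
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
"""

# Excerpt of the 1/10/2007 follow-up scan (copied from the thread, trimmed).
FOLLOW_UP = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {97D364E2-614A-4160-8127-CDE889EDA420} - C:\WINDOWS\system32\vtstt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

Entry = namedtuple("Entry", "code module clsid missing")
Finding = namedtuple("Finding", "status clsids_before clsids_after")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O2 - ...", "O20 - ..."
FILE_RE = re.compile(r'[^\\/"\s,]+\.(?:dll|exe|sys)\b', re.I)  # file base names
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LOADERS = {"rundll32.exe"}  # host process, not the module it loads


def parse(log_text):
    """Turn HijackThis result lines into Entry tuples; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group(2)
        files = [f.lower() for f in FILE_RE.findall(body)]
        # Prefer the loaded module over the loader when both are on the line.
        payload = [f for f in files if f not in LOADERS] or files
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group(1),
            module=payload[-1] if payload else None,
            clsid=clsid.group(0).upper() if clsid else None,
            missing=body.rstrip().endswith("(file missing)"),
        ))
    return entries


def residual(flagged_text, follow_up_text):
    """Map each flagged module to a Finding describing the follow-up scan."""
    after = defaultdict(list)
    for e in parse(follow_up_text):
        if e.module:
            after[e.module].append(e)
    before = defaultdict(set)
    for e in parse(flagged_text):
        if e.module:
            before[e.module].update({e.clsid} - {None})
    report = {}
    for module, clsids in before.items():
        hits = after.get(module, [])
        if not hits:
            status = "gone"        # no entry references the module any more
        elif all(h.missing for h in hits):
            status = "orphaned"    # entry remains, HijackThis reports file missing
        else:
            status = "present"     # entry remains and the file is still on disk
        report[module] = Finding(status, clsids, {h.clsid for h in hits} - {None})
    return report


if __name__ == "__main__":
    for module, f in sorted(residual(FLAGGED, FOLLOW_UP).items()):
        print(f"{module:18} {f.status:9} before={sorted(f.clsids_before)} after={sorted(f.clsids_after)}")
```

On these lines only vtstt.dll is left, as a BHO entry under a CLSID that was not among the flagged ones and marked "(file missing)"; a comparison keyed on CLSID would have reported it as removed.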
-
VundoFix V6.2.13
Checking Java version...
Java version is 1.5.0.2
Scan started at 10:12:03 AM 1/10/2007
Listing files found while scanning....
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\vtstt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\ttstv.tmp Has been deleted!
Performing Repairs to the registry.
Done!
-
INSTALLED SOFTWARE (172) - YOUR-A25ECD8E63 - 1/10/2007 10:32:22 AM
Adobe Reader 7.0.5 Ver: 7.0.5 Installed: 10/9/2006
AGEIA PhysX v2.4.4
AirPlus XtremeG Installed: 10/8/2006
AirPlus XtremeG Installed: 10/8/2006
ANIO Service
ANIWZCS2 Service
AppCore Ver: 1 Installed: 10/8/2006
AV Ver: 1 Installed: 10/8/2006
Bannercpm Browser Optimizer Ver: 1.0.5.1
BigFix
Browser Address Error Redirector
ccCommon Ver: 106.0.1.10 Installed: 10/8/2006
Creative MediaSource Ver: 3.00
Creative Removable Disk Manager
Creative System Information
Creative Zen MicroPhoto Ver: 1.0
DVD Solution
Google Toolbar for Internet Explorer
HijackThis 1.99.1 Ver: 1.99.1
Hotfix for Windows XP (KB893357) Ver: 2
Hotfix for Windows XP (KB895953) Ver: 4
Hotfix for Windows XP (KB896256) Ver: 3 Installed: 10/7/2006
Hotfix for Windows XP (KB896344) Ver: 2
Hotfix for Windows XP (KB906569) Ver: 2
Internet Worm Protection Ver: 14.0.0 Installed: 10/8/2006
iTunes Ver: 7.0.1.8 Installed: 10/9/2006
J2SE Runtime Environment 5.0 Update 2 Ver: 1.5.0.20 Installed: 10/7/2006
LimeWire 4.12.6 Ver: 4.12.6
LiveUpdate 3.1 (Symantec Corporation) Ver: 3.1.0.99
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee SpamKiller
McAfee Uninstall Wizard
McAfee VirusScan
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Ver: 2.0.50727 Installed: 10/13/2006
Microsoft Digital Image Library 9 - Blocker Ver: 9.00.0000
Microsoft Digital Image Starter Edition 2006 Ver: 11.0.0422
Microsoft Digital Image Starter Edition 2006 Editor Ver: 11.0.0422 Installed: 10/7/2006
Microsoft Digital Image Starter Edition 2006 Library Ver: 11.0.0422 Installed: 10/7/2006
Microsoft Money 2006 Ver: 15
Microsoft Office Standard Edition 2003 Ver: 11.0.6361.0 Installed: 10/7/2006
Microsoft Works Ver: 08.05.0818 Installed: 10/7/2006
Mozilla Firefox (1.5.0.9) Ver: 1.5.0.9 (en-US)
MSXML 4.0 SP2 (KB927978) Ver: 4.20.9841.0 Installed: 11/18/2006
Napster Ver: 3.0.3.7
Napster Burn Engine Ver: 2.5.0000 Installed: 10/7/2006
Norton AntiVirus Ver: 14.0.0.89 Installed: 10/8/2006
Norton AntiVirus (Symantec Corporation) Ver: 14.0.0.89
Norton AntiVirus Help Ver: 14.00.00 Installed: 10/8/2006
Norton AntiVirus Parent MSI Ver: 14.0.0 Installed: 10/8/2006
Norton AntiVirus SYMLT MSI Ver: 14.0.0 Installed: 10/8/2006
Norton Protection Center Ver: 2007.1.0.118 Installed: 10/8/2006
NVIDIA Drivers
Power2Go 4.0
PowerDVD
QuickTime Ver: 7.1.3.130 Installed: 10/9/2006
RealPlayer Basic
Realtek AC'97 Audio Ver: 5.17 Installed: 10/7/2006
Recovery Software Suite eMachines Ver: 1.00.0000 Installed: 10/7/2006
SBC Yahoo! DSL Home Networking Installer
Search Enhancer
Security Update for Microsoft .NET Framework 2.0 (KB917283) Ver: 1
Security Update for Microsoft .NET Framework 2.0 (KB922770) Ver: 1
Security Update for Step By Step Interactive Training (KB898458) Ver: 20050502.101010
Security Update for Windows Media Player (KB911564) Installed: 10/8/2006
Security Update for Windows Media Player 10 (KB917734) Installed: 10/8/2006
Security Update for Windows Media Player 6.4 (KB925398) Installed: 12/15/2006
Security Update for Windows XP (KB883939) Ver: 1
Security Update for Windows XP (KB890046) Ver: 1
Security Update for Windows XP (KB893756) Ver: 1
Security Update for Windows XP (KB896358) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB896422) Ver: 1
Security Update for Windows XP (KB896423) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB896424) Ver: 1 Installed: 10/7/2006
Security Update for Windows XP (KB896428) Ver: 1
Security Update for Windows XP (KB896688) Ver: 1
Security Update for Windows XP (KB899587) Ver: 1
Security Update for Windows XP (KB899588) Ver: 1
Security Update for Windows XP (KB899589) Ver: 1
Security Update for Windows XP (KB899591) Ver: 1
Security Update for Windows XP (KB900725) Ver: 1
Security Update for Windows XP (KB901017) Ver: 1
Security Update for Windows XP (KB901214) Ver: 1
Security Update for Windows XP (KB902400) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB903235) Ver: 1
Security Update for Windows XP (KB904706) Ver: 2 Installed: 10/7/2006
Security Update for Windows XP (KB905414) Ver: 1
Security Update for Windows XP (KB905749) Ver: 1
Security Update for Windows XP (KB905915) Ver: 1 Installed: 10/7/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 10/7/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 10/7/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB914388) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB917159) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB917422) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB918439) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB918899) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB919007) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB920213) Ver: 1 Installed: 11/18/2006
Security Update for Windows XP (KB920214) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB920670) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB920683) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB920685) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB921398) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB921883) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB922616) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB922760) Ver: 1 Installed: 11/18/2006
Security Update for Windows XP (KB922819) Ver: 1 Installed: 10/13/2006
Security Update for Windows XP (KB923191) Ver: 1 Installed: 10/13/2006
Security Update for Windows XP (KB923414) Ver: 1 Installed: 10/13/2006
Security Update for Windows XP (KB923689) Installed: 12/15/2006
Security Update for Windows XP (KB923694) Ver: 1 Installed: 12/15/2006
Security Update for Windows XP (KB923980) Ver: 1 Installed: 11/18/2006
Security Update for Windows XP (KB924191) Ver: 1 Installed: 10/13/2006
Security Update for Windows XP (KB924270) Ver: 1 Installed: 11/18/2006
Security Update for Windows XP (KB924496) Ver: 1 Installed: 10/13/2006
Security Update for Windows XP (KB925454) Ver: 1 Installed: 12/15/2006
Security Update for Windows XP (KB925486) Ver: 1 Installed: 10/8/2006
Security Update for Windows XP (KB926255) Ver: 1 Installed: 12/15/2006
Security Update for Windows XP (KB929969) Ver: 1 Installed: 1/9/2007
Shockwave Flash
Soft Data Fax Modem with SmartCP
SPBBC 32bit Ver: 3.0.1.10 Installed: 10/8/2006
Symantec Ver: 11.5.0 Installed: 10/8/2006
Symantec Real Time Storage Protection Component Ver: 10.0.1.4 Installed: 10/8/2006
SymNet Ver: 7.0.0.170 Installed: 10/8/2006
Update for Windows XP (KB894391) Ver: 1
Update for Windows XP (KB896727) Ver: 1
Update for Windows XP (KB898461) Ver: 1 Installed: 10/8/2006
Update for Windows XP (KB900485) Ver: 2 Installed: 10/8/2006
Update for Windows XP (KB908531) Ver: 2 Installed: 10/8/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 10/7/2006
Update for Windows XP (KB911280) Ver: 2 Installed: 10/8/2006
Update for Windows XP (KB916595) Ver: 1 Installed: 10/8/2006
Update for Windows XP (KB920872) Ver: 1 Installed: 10/8/2006
Update for Windows XP (KB922582) Ver: 1 Installed: 10/8/2006
Viewpoint Media Player
WebFldrs XP Ver: 9.50.7523 Installed: 8/26/2004
Windows Backup Utility Ver: 5.1 Installed: 8/26/2004
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707 Ver: 20040929.110854
Windows XP Hotfix - KB867282 Ver: 20050127.090417
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888239 Ver: 20041124.162528
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890047 Ver: 20041221.124506
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1
Windows XP Hotfix - KB890923 Ver: 1
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB893066 Ver: 1
Windows XP Hotfix - KB893086 Ver: 1
WinPcap 3.1 Installed: 10/13/2006
Xfire (remove only)
Yahoo! Install Manager
-
I don't know why Combofix was running from my D drive or how it got on my D drive
-
Sorry about the delay take_warning410
Can we carry on with the following please
You have more than one active AntiVirus software running its protections on your computer
This is not advisable, it can cause system conflicts and reduce performance
I recommend you access your Add/Remove programs
and remove either Norton's or McAfee's. Keep the one you're happiest with
Reboot the computer afterwards
Back in Windows
Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system.
- Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says "Java Runtime Environment (JRE) 6, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (12.56 MB).
DON'T install it yet
Access your Add/remove programs
Click the Remove or Change/Remove button.
on the following
J2SE Runtime Environment 5.0 Update 2
Bannercpm Browser Optimizer
Search Enhancer
Viewpoint Media Player
REBOOT the computer
Back in windows
Go ahead and install the latest version of Java from the installer on the desktop
Afterwards
Can you do the following
Download AVG Anti-Spyware 7.5 (http://www.ewido.net/en/download/)
- Save the installer to desktop
- Double click the installer, select your language, and then select "OK"
- Click NEXT>>>Select I Agree>>>NEXT>>>INSTALL
- AVG will now install and afterwards click FINISH
- AVG Anti-Spyware 7.5 should now Load
- Click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Click on the Scanner tab at the top
- Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that "Automatically generate report after every scan" IS selected and
"Only if Threats are found" IS NOT selected
- Click back to the "Scan" tab and then click on Complete System Scan.
This scan can take a while to run, let it run uninterrupted
- When the scan is complete it will list any infections found on the left hand side.
- Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file (like on the Desktop).
I'll need to see this log later
Reboot the computer again
Back in Windows
Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")
Can you post back all the following please
1. Post a fresh Hijackthis log
2. Post the report from AVG-Antispyware
3. Can you run Combofix again, copy>>paste back here the new log that opens please
-
Logfile of HijackThis v1.99.1
Scan saved at 10:31:48 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=D3123
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=D3123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {97D364E2-614A-4160-8127-CDE889EDA420} - C:\WINDOWS\system32\vtstt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Torrent Finder] "C:\Program Files\Torrent Finder\Torrent-Finder.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:18:19 PM 1/16/2007
+ Scan result:
C:\Program Files\n-CASE -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP63\A0177546.dll -> Adware.AdvertMen : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP63\A0177548.dll -> Adware.AdvertMen : Cleaned.
C:\HJT\backups\backup-20070110-101018-427.dll -> Adware.Beginto : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP71\A0215548.dll -> Adware.Beginto : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP66\A0187680.sys -> Adware.BetterInternet : Cleaned.
C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe -> Adware.SmartShoppe : Cleaned.
C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll -> Adware.SmartShoppe : Cleaned.
C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe -> Adware.TrafficSol : Cleaned.
C:\WINDOWS\system32\vtuspop.dll -> Adware.Virtumonde : Cleaned.
C:\Documents and Settings\Miguel\Local Settings\Temporary Internet Files\Content.IE5\4ZW3K5MT\ad-sp2-fastclick[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : Cleaned.
:mozilla.430:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.603:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Isidro\Local Settings\Temp\Cookies\isidro@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Miguel\Cookies\miguel@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Sandy\Cookies\sandy@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.729:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.730:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.777:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.778:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.10:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Isidro\Local Settings\Temp\Cookies\isidro@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Miguel\Cookies\miguel@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Sandy\Cookies\sandy@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.100:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.21:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.44:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.45:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.64:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.89:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Isidro\Local Settings\Temp\Cookies\isidro@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Miguel\Cookies\miguel@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Sandy\Cookies\sandy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.399:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.465:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.684:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Miguel\Cookies\miguel@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Sandy\Cookies\sandy@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.181:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.262:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.318:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.589:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.635:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Sandy\Cookies\sandy@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.766:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.417:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Isidro\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Miguel\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Sandy\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.413:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.414:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.455:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.456:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.457:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.632:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.633:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Isidro\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Miguel\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Sandy\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.100:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.101:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.102:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.103:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.104:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.105:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.106:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.106:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.108:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.108:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.109:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.109:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.110:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.111:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.112:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.113:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.69:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.70:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.71:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.72:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.73:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.74:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.75:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.76:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.77:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Isidro\Local Settings\Temp\Cookies\isidro@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Miguel\Cookies\miguel@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Sandy\Cookies\sandy@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Isidro\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Sandy\Cookies\[email protected][2].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.242:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
:mozilla.303:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.318:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.364:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.643:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.222:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies-1.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.298:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.597:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.626:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.807:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Isidro\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Sandy\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.461:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.462:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Cpv
-
Owner - 07-01-16 22:40:14.03 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-12-16 to 2007-01-16 ))))))))))))))))))))))))))))))))))
2007-01-16 21:04 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-16 21:04 <DIR> d-------- C:\Program Files\Grisoft
2007-01-16 21:02 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-13 19:37 <DIR> d-------- C:\Program Files\Photo_Resizer_Pro
2007-01-10 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-01-10 10:12 <DIR> d-------- C:\VundoFix Backups
2007-01-08 18:11 81,684 --a------ C:\WINDOWS\system32\dvkenghk.dll
2007-01-08 16:54 81,684 --a------ C:\WINDOWS\system32\chheengb.dll
2007-01-05 12:33 81,684 --a------ C:\WINDOWS\system32\iovbdqgx.dll
2007-01-04 12:24 81,684 --a------ C:\WINDOWS\system32\vuvdkeaq.dll
2007-01-01 19:22 <DIR> d-------- C:\HJT
2006-12-30 19:50 <DIR> d-------- C:\Program Files\_ArcadeDownloadFolder
2006-12-29 19:10 <DIR> d-------- C:\My Backup -- 06-12-29 0810PM
2006-12-29 10:40 81,684 --a------ C:\WINDOWS\system32\akjkuenm.dll
2006-12-28 10:05 44,060 --a------ C:\WINDOWS\system32\msbhmfow.dll
2006-12-28 10:04 81,684 --a------ C:\WINDOWS\system32\fcjbighr.dll
2006-12-27 17:25 44,060 --a------ C:\WINDOWS\system32\jqbargpy.dll
2006-12-27 16:21 44,060 --a------ C:\WINDOWS\system32\auwnjdkh.dll
2006-12-27 15:15 44,060 --a------ C:\WINDOWS\system32\lxfdvhnu.dll
2006-12-27 14:48 44,060 --a------ C:\WINDOWS\system32\pleqjput.dll
2006-12-22 22:45 81,684 --a------ C:\WINDOWS\system32\bkxdihgx.dll
2006-12-19 16:37 81,684 --a------ C:\WINDOWS\system32\nmypsyfy.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-16 22:26 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-16 21:02 -------- d-------- C:\Program Files\Java
2007-01-16 21:02 -------- d-------- C:\Program Files\Common Files
2007-01-16 20:55 382 --a------ C:\Documents and Settings\Owner\Application Data\internaldb1942.dat
2007-01-15 16:14 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-01-10 14:12 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-01-10 14:12 -------- d-------- C:\Program Files\BitComet
2007-01-10 10:04 69632 --a------ C:\Documents and Settings\Owner\Application Data\internaldb4827.dat
2007-01-10 10:04 151 --a------ C:\Documents and Settings\Owner\Application Data\internaldb9912.dat
2007-01-10 10:04 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb715.dat
2007-01-03 08:36 -------- d-------- C:\Program Files\LimeWire
2006-12-31 18:52 -------- d-------- C:\Program Files\Google
2006-12-31 15:54 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-31 15:54 -------- d-------- C:\Program Files\Adobe
2006-12-30 19:50 -------- d-------- C:\Program Files\_ArcadeDownloadFolder
2006-12-27 16:02 -------- d-------- C:\Program Files\VSAdd-in
2006-12-27 14:59 -------- d-------- C:\Program Files\Soulseek
2006-12-15 18:13 -------- d-------- C:\Program Files\Blubster
2006-12-15 14:18 -------- d-------- C:\Program Files\Internet Explorer
2006-12-15 10:18 -------- d-------- C:\Program Files\Common Files\System
2006-12-15 10:13 -------- d-------- C:\Program Files\Outlook Express
2006-12-14 16:28 118804 --a------ C:\WINDOWS\system32\lonxighk.dll
2006-12-14 15:02 118804 --a------ C:\WINDOWS\system32\ntfhowex.dll
2006-12-07 01:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-28 09:54 -------- d-------- C:\Program Files\Pure Networks
2006-11-28 09:21 -------- d-------- C:\Program Files\BitTorrent
2006-11-28 09:17 -------- d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2006-11-28 09:11 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-28 09:10 -------- d-------- C:\Documents and Settings\Owner\Application Data\AOL
2006-11-26 20:31 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-11-25 19:01 -------- d-------- C:\Documents and Settings\Owner\Application Data\Creative
2006-11-24 08:14 -------- d-------- C:\Program Files\Creative
2006-11-24 08:12 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-24 08:05 -------- d-------- C:\Program Files\Windows Media Player
2006-11-22 18:03 -------- d-------- C:\Documents and Settings\Owner\Application Data\vlc
2006-11-20 20:37 -------- d-------- C:\Program Files\Common Files\Vbox
2006-11-20 20:23 -------- d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2006-11-20 20:05 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeAUM
2006-11-19 19:37 -------- d-------- C:\Program Files\VideoLAN
2006-11-18 13:26 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-17 18:34 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb5436.dat
2006-11-17 15:34 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-11-15 15:54 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb4179.dat
2006-11-15 15:54 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb2391.dat
2006-11-15 15:54 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb1869.dat
2006-11-12 00:32 9216 --a------ C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
2006-11-12 00:32 49 --a------ C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2006-11-12 00:32 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2006-11-12 00:31 365132 --a------ C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe
2006-11-12 00:31 23 --a------ C:\Documents and Settings\Owner\Application Data\inifile41.ini
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 20:09 0 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Mercora"="\"C:\\Program Files\\Mercora\\MercoraClient.exe\" -min"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Torrent Finder"="\"C:\\Program Files\\Torrent Finder\\Torrent-Finder.exe\""
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"Power2GoExpress"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.2480\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
55,41,52,44,2e,45,58,45,00
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
69,6e,64,5f,58,50,2e,65,78,65,00
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AGEIA PhysX SysTray"="\"C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe\""
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job
Completion time: 07-01-16 22:43:02.10
C:\ComboFix.txt ... 07-01-16 22:43
C:\ComboFix2.txt ... 07-01-09 11:08
-
Looking better, still some cleaning
Can you do the following
Download The Avenger.zip (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 to your Desktop.
* Click on Avenger.zip to open the file
* Extract avenger.exe to your desktop
Copy ALL the text contained in blue below to your Clipboard by highlighting it and pressing (Ctrl+C) on your keyboard.
=============================================================
Files to delete:
C:\WINDOWS\system32\dvkenghk.dll
C:\WINDOWS\system32\chheengb.dll
C:\WINDOWS\system32\iovbdqgx.dll
C:\WINDOWS\system32\vuvdkeaq.dll
C:\WINDOWS\system32\akjkuenm.dll
C:\WINDOWS\system32\msbhmfow.dll
C:\WINDOWS\system32\fcjbighr.dll
C:\WINDOWS\system32\jqbargpy.dll
C:\WINDOWS\system32\auwnjdkh.dll
C:\WINDOWS\system32\lxfdvhnu.dll
C:\WINDOWS\system32\pleqjput.dll
C:\WINDOWS\system32\bkxdihgx.dll
C:\WINDOWS\system32\nmypsyfy.dll
C:\WINDOWS\system32\lonxighk.dll
C:\WINDOWS\system32\ntfhowex.dll
C:\Documents and Settings\Owner\Application Data\internaldb1942.dat
C:\Documents and Settings\Owner\Application Data\internaldb4827.dat
C:\Documents and Settings\Owner\Application Data\internaldb9912.dat
C:\Documents and Settings\Owner\Application Data\internaldb715.dat
C:\Documents and Settings\Owner\Application Data\internaldb5436.dat
C:\Documents and Settings\Owner\Application Data\internaldb4179.dat
C:\Documents and Settings\Owner\Application Data\internaldb2391.dat
C:\Documents and Settings\Owner\Application Data\internaldb1869.dat
C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
C:\Documents and Settings\Owner\Application Data\internaldb41.dat
C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe
C:\Documents and Settings\Owner\Application Data\inifile41.ini
Folders to delete:
C:\WINDOWS\system32\SmartShopper
C:\Program Files\VSAdd-in
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97D364E2-614A-4160-8127-CDE889EDA420}
==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt
* Under "Script file to execute" choose "Input Script Manually".
* Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
* Paste the text copied to clipboard into this window by pressing (Ctrl+V).
* Click Done
* Now click on the Green Light to begin execution of the script
* Answer "Yes" twice when prompted.
Avenger should now Reboot your computer
Back in Windows
1. Post a fresh HijackThis log
2. Post the log from Avenger>>C:\Avenger.txt
Keep me informed how things are running please
-
Logfile of HijackThis v1.99.1
Scan saved at 12:21:53 PM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=D3123
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=D3123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Torrent Finder] "C:\Program Files\Torrent Finder\Torrent-Finder.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\epwpawyg
*******************
Script file located at: \??\C:\WINDOWS\system32\mrwbixri.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\dvkenghk.dll deleted successfully.
File C:\WINDOWS\system32\chheengb.dll deleted successfully.
File C:\WINDOWS\system32\iovbdqgx.dll deleted successfully.
File C:\WINDOWS\system32\vuvdkeaq.dll deleted successfully.
File C:\WINDOWS\system32\akjkuenm.dll deleted successfully.
File C:\WINDOWS\system32\msbhmfow.dll deleted successfully.
File C:\WINDOWS\system32\fcjbighr.dll deleted successfully.
File C:\WINDOWS\system32\jqbargpy.dll deleted successfully.
File C:\WINDOWS\system32\auwnjdkh.dll deleted successfully.
File C:\WINDOWS\system32\lxfdvhnu.dll deleted successfully.
File C:\WINDOWS\system32\pleqjput.dll deleted successfully.
File C:\WINDOWS\system32\bkxdihgx.dll deleted successfully.
File C:\WINDOWS\system32\nmypsyfy.dll deleted successfully.
File C:\WINDOWS\system32\lonxighk.dll deleted successfully.
File C:\WINDOWS\system32\ntfhowex.dll deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb1942.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb4827.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb9912.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb715.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb5436.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb4179.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb2391.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb1869.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb8467.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb41.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb6334.dat deleted successfully.
File C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe deleted successfully.
File C:\Documents and Settings\Owner\Application Data\inifile41.ini deleted successfully.
Folder C:\WINDOWS\system32\SmartShopper deleted successfully.
Folder C:\Program Files\VSAdd-in deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97D364E2-614A-4160-8127-CDE889EDA420} deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
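An added example, not part of the original thread and not code from The Avenger or its author: a Python check that compares a submitted script with the resulting log and lists anything the log does not confirm as deleted, plus deletions the script never asked for. It assumes only the section headers and the "deleted successfully." line format visible in the posts above; the function names and the shortened sample script and log are constructed for illustration.

```python
import re

# Section headers as they appear in the script posted in this thread.
SECTIONS = {
    "files to delete:": "File",
    "folders to delete:": "Folder",
    "registry keys to delete:": "Registry key",
}
# Success line as it appears in the posted log: "<Kind> <target> deleted successfully."
SUCCESS = re.compile(r"^(File|Folder|Registry key) (.+) deleted successfully\.$")


def parse_script(text):
    """Return the set of (kind, target) pairs the script asks to remove."""
    wanted, kind = set(), None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower() in SECTIONS:
            kind = SECTIONS[line.lower()]
        elif kind is not None:
            wanted.add((kind, line.lower()))  # Windows paths are case-insensitive
    return wanted


def parse_log(text):
    """Return the set of (kind, target) pairs the log confirms as deleted."""
    done = set()
    for line in text.splitlines():
        m = SUCCESS.match(line.strip())
        if m:
            done.add((m.group(1), m.group(2).lower()))
    return done


def audit(script_text, log_text):
    """Compare script and log; return (unconfirmed, unexpected), each sorted."""
    wanted, done = parse_script(script_text), parse_log(log_text)
    return sorted(wanted - done), sorted(done - wanted)


# Constructed sample: a shortened script using paths from this thread, and a
# log in which one file has no success line and one deletion was never requested.
SAMPLE_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\dvkenghk.dll
C:\WINDOWS\system32\chheengb.dll
Folders to delete:
C:\Program Files\VSAdd-in
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97D364E2-614A-4160-8127-CDE889EDA420}
"""
SAMPLE_LOG = r"""
Beginning to process script file:
File C:\WINDOWS\system32\dvkenghk.dll deleted successfully.
Folder C:\Program Files\VSAdd-in deleted successfully.
Folder C:\WINDOWS\system32\SmartShopper deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97D364E2-614A-4160-8127-CDE889EDA420} deleted successfully.
Completed script processing.
"""
```

An item in the first list means the log carries no success line for it, so the file, folder or key should be checked by hand before the machine is treated as clean.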
-
Things are doing better. The computer hasn't shut off unexpectedly. We have DSL and the network goes off a lot. I don't know if this is a computer problem or a problem with the provider. I don't think I have seen a lot of pop-ups.
-
I don't see the below anti-spyware scanners installed on your computer
They are yours for free, please install and hold onto them, they are free tools
Download and Install
Ad-Aware SE Personal 1.06 (ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe)
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later
Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer to finish the cleaning process
===================================
Download and Install Spybot 1.4 from
HERE (http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1)
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
Ensure all updates are successful, a GREEN check will indicate this
If you have an error updating, search for updates again and retry the download until all updates are successfully installed
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED
RESTART the computer to finish any cleaning process
Back in Windows
One more fresh HijackThis log please and let me know how things are running then